Loading keystore/java/android/security/keystore2/KeymasterUtils.java +0 −44 Original line number Original line Diff line number Diff line Loading @@ -16,13 +16,10 @@ package android.security.keystore2; package android.security.keystore2; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyProperties; import java.security.AlgorithmParameters; import java.security.AlgorithmParameters; import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException; import java.security.ProviderException; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.InvalidParameterSpecException; import java.security.spec.InvalidParameterSpecException; Loading Loading @@ -86,47 +83,6 @@ public final class KeymasterUtils { } } } } /** * Adds {@code KM_TAG_MIN_MAC_LENGTH} tag, if necessary, to the keymaster arguments for * generating or importing a key. This tag may only be needed for symmetric keys (e.g., HMAC, * AES-GCM). */ public static void addMinMacLengthAuthorizationIfNecessary(KeymasterArguments args, int keymasterAlgorithm, int[] keymasterBlockModes, int[] keymasterDigests) { switch (keymasterAlgorithm) { case KeymasterDefs.KM_ALGORITHM_AES: if (com.android.internal.util.ArrayUtils.contains( keymasterBlockModes, KeymasterDefs.KM_MODE_GCM)) { // AES GCM key needs the minimum length of AEAD tag specified. args.addUnsignedInt(KeymasterDefs.KM_TAG_MIN_MAC_LENGTH, AndroidKeyStoreAuthenticatedAESCipherSpi.GCM .MIN_SUPPORTED_TAG_LENGTH_BITS); } break; case KeymasterDefs.KM_ALGORITHM_HMAC: // HMAC key needs the minimum length of MAC set to the output size of the associated // digest. This is because we do not offer a way to generate shorter MACs and // don't offer a way to verify MACs (other than by generating them). if (keymasterDigests.length != 1) { throw new ProviderException( "Unsupported number of authorized digests for HMAC key: " + keymasterDigests.length + ". Exactly one digest must be authorized"); } int keymasterDigest = keymasterDigests[0]; int digestOutputSizeBits = getDigestOutputSizeBits(keymasterDigest); if (digestOutputSizeBits == -1) { throw new ProviderException( "HMAC key authorized for unsupported digest: " + KeyProperties.Digest.fromKeymaster(keymasterDigest)); } args.addUnsignedInt(KeymasterDefs.KM_TAG_MIN_MAC_LENGTH, digestOutputSizeBits); break; } } static String getEcCurveFromKeymaster(int ecCurve) { static String getEcCurveFromKeymaster(int ecCurve) { switch (ecCurve) { switch (ecCurve) { case android.hardware.security.keymint.EcCurve.P_224: case android.hardware.security.keymint.EcCurve.P_224: Loading Loading
keystore/java/android/security/keystore2/KeymasterUtils.java +0 −44 Original line number Original line Diff line number Diff line Loading @@ -16,13 +16,10 @@ package android.security.keystore2; package android.security.keystore2; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyProperties; import java.security.AlgorithmParameters; import java.security.AlgorithmParameters; import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException; import java.security.ProviderException; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.InvalidParameterSpecException; import java.security.spec.InvalidParameterSpecException; Loading Loading @@ -86,47 +83,6 @@ public final class KeymasterUtils { } } } } /** * Adds {@code KM_TAG_MIN_MAC_LENGTH} tag, if necessary, to the keymaster arguments for * generating or importing a key. This tag may only be needed for symmetric keys (e.g., HMAC, * AES-GCM). */ public static void addMinMacLengthAuthorizationIfNecessary(KeymasterArguments args, int keymasterAlgorithm, int[] keymasterBlockModes, int[] keymasterDigests) { switch (keymasterAlgorithm) { case KeymasterDefs.KM_ALGORITHM_AES: if (com.android.internal.util.ArrayUtils.contains( keymasterBlockModes, KeymasterDefs.KM_MODE_GCM)) { // AES GCM key needs the minimum length of AEAD tag specified. args.addUnsignedInt(KeymasterDefs.KM_TAG_MIN_MAC_LENGTH, AndroidKeyStoreAuthenticatedAESCipherSpi.GCM .MIN_SUPPORTED_TAG_LENGTH_BITS); } break; case KeymasterDefs.KM_ALGORITHM_HMAC: // HMAC key needs the minimum length of MAC set to the output size of the associated // digest. This is because we do not offer a way to generate shorter MACs and // don't offer a way to verify MACs (other than by generating them). if (keymasterDigests.length != 1) { throw new ProviderException( "Unsupported number of authorized digests for HMAC key: " + keymasterDigests.length + ". Exactly one digest must be authorized"); } int keymasterDigest = keymasterDigests[0]; int digestOutputSizeBits = getDigestOutputSizeBits(keymasterDigest); if (digestOutputSizeBits == -1) { throw new ProviderException( "HMAC key authorized for unsupported digest: " + KeyProperties.Digest.fromKeymaster(keymasterDigest)); } args.addUnsignedInt(KeymasterDefs.KM_TAG_MIN_MAC_LENGTH, digestOutputSizeBits); break; } } static String getEcCurveFromKeymaster(int ecCurve) { static String getEcCurveFromKeymaster(int ecCurve) { switch (ecCurve) { switch (ecCurve) { case android.hardware.security.keymint.EcCurve.P_224: case android.hardware.security.keymint.EcCurve.P_224: Loading
